Windows Analysis Report https://ap2f7c.myportfolio.com/

Overview

General Information

Sample URL: https://ap2f7c.myportfolio.com/
Analysis ID: 517898

Detection

HTMLPhisher
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on shot template match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Yara detected HtmlPhish7
Phishing site detected (based on image similarity)
PE file contains an invalid checksum
Drops PE files
PE file contains sections with non-standard names
No HTML title found
HTML body contains low number of good links

Process Tree

  • System is w10x64
  • chrome.exe (PID: 852 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://ap2f7c.myportfolio.com/ MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 1000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,17696209338065031019,4206317559381073749,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://ap2f7c.myportfolio.com/, SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://s3.us-west-002.backblazeb2.com/algometrically-fallibly-vignetter/index.html, SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)
Source: https://s3.us-west-002.backblazeb2.com/algometrically-fallibly-vignetter/index.html, Matcher: Template: office matched
Yara detected HtmlPhish10
Source: Yara match, File source: 28179.1.pages.csv, type: HTML
Yara detected HtmlPhish7
Source: Yara match, File source: 28179.1.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://s3.us-west-002.backblazeb2.com/algometrically-fallibly-vignetter/index.html, Matcher: Found strong image similarity, brand: Microsoft image: 28179.1.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: https://s3.us-west-002.backblazeb2.com/algometrically-fallibly-vignetter/index.html, Matcher: Found strong image similarity, brand: Microsoft image: 28179.1.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A
Source: https://s3.us-west-002.backblazeb2.com/algometrically-fallibly-vignetter/index.html, HTTP Parser: HTML title missing
Source: https://s3.us-west-002.backblazeb2.com/algometrically-fallibly-vignetter/index.html, HTTP Parser: Number of links: 0
Source: https://s3.us-west-002.backblazeb2.com/algometrically-fallibly-vignetter/index.html, HTTP Parser: No <meta name="author".. found
Source: https://s3.us-west-002.backblazeb2.com/algometrically-fallibly-vignetter/index.html, HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Local\Temp\852_1636046447\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown, HTTPS traffic detected: 104.21.87.42:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.87.42:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.0.dr
Source: Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.0.dr